PRIVACY POLICY

Version [2.0]

Last Updated Date: January 2, 2023

3billion (“we” or “our”) is the provider of the Service and is engaged in the development of various genetic and biochemical tests and analyses. In order to provide the Service, 3billion must process certain personal information or data. Such personal information or data is collected and passed to 3billion by the Patient’s Authorized Healthcare Provider and/or the Medical and Healthcare Organization (Patients (individuals), Authorized Healthcare Provider (individuals), and Medical and Healthcare Organization (individuals/entities) collectively “you” or “your”). Capitalized terms used but not defined in this Privacy Policy have the meaning given to them in the Terms and Conditions or Terms of Use. Your use of the Service, the Website and your personal information is subject to the privacy related laws and regulations of the Republic of Korea, where 3billion’s principal place of business is located.

1. PURPOSE

This Privacy Policy explains your personal information or data that 3billion gathers from your use of the Service and the Website (including our Portal), how we use, disclose, and protect it, your choices, and some other important information. Before using the Service and the Website, you must review and agree to 3billion’s Terms and Conditions, Term of Use, Test Requisition Form (applicable to Authorized Healthcare Provider and Medical and Healthcare Organizations), and Informed Consent.

2. INFORMATION 3BILLION COLLECTS AND PROCESSES

The categories and purposes of information we collect and process include :

(a) Patients : Based on the respective the Informed Consent and through the Patients’ Authorized Healthcare Provider, generic/biochemical (personal details (including first name, last name, date of birth and/or age), address, family relations, gender, ethnicity, nationality, information on Patient’s insurance, disease, symptoms and other medical information, Samples*, and results of the genetic and/or biochemical analysis), and history (symptoms and other medical information, country, story of the Patient).
- *Before Patients’ Samples enter our lab, we make sure it is assigned a unique ID and de-identified, so that your personal information is not accessible to all. Only authorized personnel from our team have access to this information.
(b) Authorized Healthcare Provider/Medical and Healthcare Organization : Based on the respective Test Requisition Form and Informed Consent, personal details (including first name, last name, title), phone and fax number, business address and department, institution/practice name, specialization and language, license number/authorizing institution, and email address.
(c) Account : first name, last name, title, institute name, business address, telephone/fax number, email address, and login details.
(d) Payment: first name, last name, card issuer and card type, expiration date, billing address, bank account number and other bank account details.
(e) Website: marketing preferences, account settings including any default preferences, any preferences indicating, the types of services/offers that are interested, or the areas of our website visited. IP address, internet provider, operating system and browser used, type of device, such as laptop or smart phone, device cookie settings and other device details, such as MAC address and geolocation.
(f) Communication: your personal details (including first name, last name, title), date of birth, email address, phone number, country, professional title, and other (optional) personal information.
(g) Cookies and comparable technologies: please read “5. Cookies and Third Party Digital Services” below.

3. HOW 3BILLION USES THIS INFORMATION

In general, we use the information that we collect to provide the Service, to help improve our Service and user experiences, and to help advance genetic research and science. Specifically, we may use the information as follows :

To provide the Service.

To set up your 3billion Account; send you the Sample collection kits; validate, confirm, verify, deliver, install, and track your Order including to arrange for shipping, handle returns and refunds, maintain a record of the order you make; collect payment for the Service you ordered; and analyze the Sample to produce the Report. As part of the Service, we may also periodically review your information to determine if any updates or changes to your Report are required.

To communicate with you.

Remind you about submitting the Sample, respond to your inquiries, discuss your Report, follow up if there is an issue with the Sample or the Service, and provide information about or request feedback on the Report.

To help us improve the Service and develop new tests and services.

To request optional feedback, which could be used to improve our Services. We’ll only associate your feedback with your name with your consent. To learn how you may opt out of marketing surveys, please read “Your Choices” below.
To support our laboratory operations with internal quality control, validation studies, and research and development, and performing data analysis to improve our internal quality controls. 3billion may retain your de-identified raw genetic results during the term specified in this Privacy Policy.

For marketing purposes.

To learn about how you may opt out of marketing emails, please read “Your Choices” below.
To enforce our Terms and Conditions, Terms of Use, or other legal rights, including intellectual property rights; as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and to comply with industry standards or our policies.

Research use.

Considering the importance of genetic and health information in research, we use your information and data without any personal identification for further analysis.

4. HOW INFORMATION IS SHARED WITH THIRD PARTIES

This section describes the circumstances under which we may share your information with third parties. Transfer of your information to a third party only takes place with either explicit consent, in order to fulfill legal obligation or if such transfer is permitted by law. In this regard, please be informed that third party service providers have been carefully selected are contractually bound to comply with this Privacy Policy and the Applicable Laws and subject to our instructions and to regular monitoring. Based on the foregoing, we share your information :

To provide the Service.

We work with third party service providers to provide Website, application development, analytics, variant analysis, payment processing, hosting, maintenance, transmission of the Report, collection of the Sample, and other services for us. We limit the personal, health, and non-personal information we share with these service providers to that which is minimally necessary for them to perform their services for us, and we require them to agree to maintain the confidentiality and security of such information.

For 3billion’s purposes.

We may share aggregated, de-identified information (for example, aggregated trends about the general use of our Service) publicly and with our partners (this information will not include any personal health information).
We may author publications using de-identified information.
We may disclose your information when we believe in good faith that doing so is appropriate or necessary in order to enforce our Terms and Conditions.
Your information may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

For security or legal purposes.

If we believe in good faith that doing so is appropriate or necessary in order to address fraud, security, or technical issues, or protect against harm to us or others to the extent required or permitted by law.
To comply with applicable laws and regulations as well as law enforcement requests and legal process, such as a court order or subpoena.

5. COOKIES AND THIRD-PARTY DIGITAL SERVICES

Cookies :
- To improve and customize your experience when you use the Service and the Website, we may send one or more cookies — small text files containing a string of alphanumeric characters — to your device. We may use both session cookies that disappear after you close your browser and persistent cookies that remain after you close your browser and may be used automatically by the browser on subsequent visits to the Website. Please review your browser “Help” file to learn how to adjust your cookie settings. Note that some Website services may not function properly if you disable cookies.
DNT requests :
- Some browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital services that a visitor doesn’t want to have their online activity tracked. Because there is not yet an accepted standard for how to respond to DNT signals, we and our service providers (like many digital service operators) do not respond to DNT signals.
Device, usage, and other automatically collected information :
- When you use our Website, we may automatically record certain information from your device by using various types of technology. This automatically collected information will help us customize and improve your experience with the Website and includes your IP address or other device address or ID, browser and/or device type, the web pages or Websites that you visit just before or just after you use the Website, the pages or other content you view or otherwise interact with on the Website and the dates and times that you visit, access, or use the Website.
Analytics services :
- 3billion uses the following statistical services to improve our Service, better understand our clients, and improve our communications, including Google Analytics, a web analytics service, evaluates the Website usage, compiles reports on website activity and provides us further services relating to website activity and internet usage; Hotjar, a web analytics service, collects certain technical data, including the IP address (captured and stored only in pseudonymized form), screen size, type of device (unique device identifiers), browser information, geographic location (country only) and preferred language.
Payment processing partner :
- We may use third-party services to process your payment. Our payment processor is Payletter (https://www.payletter.com), and your credit card or other payment related information will be directly provided to our payment processor.
Advertising partners :
- We may work with third party advertising partners to show ads for the Service after you visit our Website. These third-party partners collect information from you when you visit our Website and other websites. Please also read “Your Choices” below.
Links to other sites :
- This Privacy Policy solely applies to information collected directly by the Website. Our Website may contain links to other web sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage users to be aware that when they leave our Website for another site, even if through a link, they should read the privacy statements of each and every web site that collects personally identifiable information.

6. RETENTION PERIOD

Unless otherwise stated below, we store the information only for as long as necessary to fulfil our contractual or legal obligations. However, we are required to store certain information or data longer for statutory reasons. In particular, with regard to Patient files including personal data (biochemical, health and genetic) - once a report for a genetic testing was provided to the Patient’s Authorized Healthcare Provider – we are obliged to store the Patient file for a mandatory period of 10 years.

Records relating to the Service :

· Informed consent for genetic tests (10 years)
· Informed consent for research use of human biological materials (10 years)
· Test requisition forms (excluding patient information) (2 years)
· Result of genetic tests (paper based) (10 years)
· Result of genetic tests (electronic data) (indefinite)

Records relating to the operation of the Service :

· Contract or withdrawal of subscription, etc. (5 years)
· Payment and supply of goods, etc. (5 years)
· Consumer complaints or dispute settlement (3 years)
· Medical professionals and patients for scientific research (3 years (if identified information), indefinite (if de-identified information)
· Books and supporting documents for all transactions prescribed by the tax law-Retention period: 5 years
· Electronic financial transactions (5 years)
· Service visit history (3 years)
· Log record of users such as internet/data detecting the place of user connection (3 months)
· Electronic/digital media surveillance (CCTV etc.) history (3 months)

In addition, we are obliged to store certain information for a mandatory period from 2 to 10 years under the Applicable Laws. Furthermore, we store certain information for the purpose of evidence in civil claims.

7. HOW 3BILLION PROTECTS YOUR INFORMATION

3billion complies with the Personal Information Protection Act; the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.; the Act on the Use and Protection of Credit Information; the Act on the Protection, Use, etc. of Location Information; the Act on the Development of Cloud Computing and the Protection of its Users; the Framework Act on Electronic Documents and Transactions; the Electronic Signature Act; the Smart Grid Construction and Utilization Promotion Act; the Medical Service Act; and so on (the “Applicable Laws”). Furthermore, personal information protection guidelines established by the Korean government to maintain the privacy and security of your personal information. If a breach occurs that may have compromised the privacy or security of your personal information, we will let you know promptly. We will follow the duties and privacy practices described in this Privacy Policy, the Terms and Conditions, the Terms of Service, and the Informed Consent.

Furthermore, we use physical, managerial, and technical safeguards that are designed to improve the integrity and security of your information. All information on our servers is encrypted when it is at rest or in transit. All personal information (genetic or otherwise) is encrypted when it’s stored on our servers. Internally, strict guidelines and access controls protect your personal information that is in accordance with 3billion’s Data Management (October 1, 2021), Quality Management Manual (October 1, 2021), and Operation Manual (October 1, 2021).

We take precautions as set forth by periodic security risk assessment by implementing administrative, physical, and technical safeguards. However, we cannot ensure or warrant the security of any information in the event of a breach of any of our safeguards. You submit your information at your own risk. 3billion is not liable for the unauthorized release of your information unless such release was the result of gross negligence or willful misconduct on the part of 3billion.

8. HOW 3BILLION DESTRUCTS YOUR INFORMATION

In principle, the information is destroyed without delay when the purpose of collecting, processing and using such personal information is achieved. The information entered by ordering the Service is transferred to a separate data base after the purpose is achieved (in case of paper, a separate filing box) and is stored for a certain period of time in accordance with the Privacy Policy and the Applicable Laws (refer to the retention and use period) and then destroyed.

9. YOUR RIGHTS TO YOUR INFORMATION

3billion would like to make sure you are fully aware of all of your information protection rights. Every user of our Service and the Website is entitled to the following :

The right to access :

You have the right to request 3billion for copies of your personal data.

The right to rectification :

You have the right to request that 3billion correct any information you believe is inaccurate. You also have the right to request 3billion to complete information you believe is incomplete.

The right to erasure :

You have the right to request that 3billion erase your personal information, under certain conditions.

The right to restrict processing :

You have the right to request that 3billion restrict the processing of your personal information, under certain conditions.

The right to object to processing :

You have the right to object to 3billion's processing of your personal information, under certain conditions.

The right to data portability :

You have the right to request that 3billion transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: support@3billion.io

10. YOUR CHOICES

If you receive marketing emails from us, you can unsubscribe from that particular type of marketing email by following the instructions contained within the email or sending your request to us by email at support@3billion.io Please be aware that if you opt out of receiving marketing emails from us or otherwise modify the nature or frequency of marketing communications you receive from us, it may take up to thirty (30) calendar days for us to process your request, during which time you might receive marketing communications from us that you have already opted out from.

11. CHILDREN’S PRIVACY

Do not use or access any part of the Website or the Service if you are under 18 years of age. If you’re a parent or guardian and discover that your child under 18 has obtained an Account on the Website, please alert us promptly at support@3billion.io so we can take action to prevent access.

12. INTERNATIONAL USERS

The Service and our Website are hosted in Korea. If you choose to use the Service and our Website from other regions of the world, then by your use of the Service and our Website you acknowledge and agree that: (i) you are transferring your personal information outside of those regions to Korea for our Service as required for us to perform our contractual obligations to you; (ii) the laws and regulations of Korea shall govern your use of the Service and the Website, and may differ from those of your country of residence; and (iii) as per your submission of the Test Requisition Form and acceptance of the Informed Consent, you permit the Patient’s and your personal information to be used for the purposes set forth therein. We will retain your personal information only for as long as is necessary to carry out the function for which the information is being used, as consented by you in the Informed Consent, and to comply with applicable laws and regulations. By providing the Sample, you are not violating any export ban or other legal restriction in the country of your residence.

Certain Clients who live outside of Korea in certain jurisdictions may have the option of requesting that their personal information be accessed, updated, and/or removed at any time from our active databases, subject to the applicable laws and regulations of such jurisdictions. Such Clients may also have the right to object to our processing of their personal information and/or request that we provide their personal information to another third party. We may require that such request be provided in writing, subject to applicable laws and regulations with respect to the transfer of the Sample or information require for the Service. If you would like to access, update, object to processing, request provision to a third party, and/or request removal from our active database of your personal information, please contact us at support@3billion.io Any such requests will be honored within thirty (30) calendar days.

With respect to requests to remove or stop the processing of personal information, such requests received prior to initiation of the Service will result in a cancellation of the Service, and no Report will be provided to you. Please also refer to the section above entitled “Your Choices” to understand how requests to remove personal information are handled.

If you are a resident of California (CA), you are granted specific rights regarding access to your personal information under the California Online Privacy Protection Act and California Civil Code Section 1798.83. If you are a CA resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). If you are an EEA resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

13. CHANGES AND UPDATES TO THIS POLICY

Please revisit this page periodically to stay aware of any changes to this Privacy Policy, which we may update from time to time. If we modify the Privacy Policy, we’ll make it available through the Website, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of this change. Your continued use of the Service and the Website after the revised Privacy Policy becomes effective indicates that you have read, understood and agreed to the current version of the Privacy Policy.

14. OUR PRIVACY OFFICER AND CONTACT INFORMATION

3billion Privacy Officer : Changwon Keum (070-4855-1010)

Please contact us with any questions or comments about this Privacy Policy, your personal information, our use and disclosure practices, or your consent choices by email at support@3billion.io